Lunar Linux Hardened
From Lunar Linux
Contents |
Hardened Lunar Linux
The maingoal of this project might be to have a Lunar Linux with security enhancements. The most modules will be patched with patches we've written or others written. Others could be Linux-from-Scratch users or other Distributions. As long as we keep credits - This should be okay.
Language
The mainproblem is my language - so if you read things you don't understand please ask me - My english isn't as good as yours so probably i would be happy for corrections ;-)
Warning
This project is in an experimental state - So use it only if you want to play with it or if you want help developing it. It's not for production use right now.
The Patches
Last Update of this list: 09th March 07'
gcc 4.1.2
posix-1.patch | - | Makes GCC Posix Compliant |
binutils 2.17
branch_update-1.patch | - | This is the binutils-2_17-branch (bug fix branch) update, compared from binutils-2.17-release and binutils-2_17-branch with all the fluff removed (CVS entries, maintainer files, etc). This patch should be updated periodically. |
hardened_tmp-3.patch | - | This patch uses mkstemp(3) and mkdtemp(3) for temporary file creation, if they are available, rather than the default mktemp(3). This is safer and removes some compiler warnings. |
lazy-1.patch | - | This adds -z lazy option, inverse of -z now. |
pt_pax-1.patch | - | This adds PT_PAX_FLAGS to Binutils. See: http://pax.grsecurity.net/ |
posix-1.patch | - | Makes binutils Posix Compliant |
coreutils 6.7
i18n-1.patch | - | This patch fixes various problems with multibyte character support. |
uname-1.patch | - | Fix the output of uname once and for all. |
glibc 2.5
blowfish.patch | - | This patch adds blowfish crypto to libcrypt. |
branch_update-2.patch | - | This is a branch update for Glibc-2.5, and should be rechecked periodically. See the "Changelog" and "localedata/ChangeLog" files for specific details. |
dl_execstack_PaX-1.patch | - | This is needed for Pax. http://pax.grsecurity.net/ |
hardened_tmp-1.patch | - | This patch instructs mktemp(1) to use temporary file directory from the '-t' option. It also makes sure temporary files get removed after exiting the scripts. |
iconv_unnest-1.patch | - | Move nested function to a static one so we avoid generating a trampoline. |
localedef_segfault-1.patch | - | Fixes Segfault when using localdef. This problem is only noticed when using PaX and some architectures besides x86. See debian bug # 231438 |
pt_pax-1.patch | - | This is needed for Pax. http://pax.grsecurity.net/ |
strlcpy_strlcat-1.patch | - | http://www.courtesan.com/todd/papers/strlcpy.html |